How to resolve CSRF token issue in headless/decoupled application ?